Posted to users@tapestry.apache.org by Paul Stanton <pa...@mapshed.com.au> on 2010/06/01 02:01:04 UTC

Re: zone update json response escaping issues

Sorry, thought I was in the right place. I now know.

Ulrich Stärk wrote:
> Correct. I'm moving the issue report to its correct location.
>
> On 31.05.2010 09:29, Christian Riedel wrote:
>> Though I'm not a committer I guess that 
>> https://issues.apache.org/jira/browse/TAP5 would be a better place to 
>> add a jira :)
>> Can anyone confirm that the TAPESTRY project is only for T4?
>>
>> On 31.05.2010 at 08:00, Paul Stanton wrote:
>>
>>> https://issues.apache.org/jira/browse/TAPESTRY-2764
>>>
>>> Paul Stanton wrote:
>>>> I've found that changing the implementation of Tapestry resolves 
>>>> the issue:
>>>>
>>>> Tapestry 5.1.0.5,
>>>> org.apache.tapestry5.dom.AbstractMarkupModel
>>>> line 136
>>>> builder.append("&apos;");
>>>> change to
>>>> builder.append("&#39;");
>>>>
>>>> p.
>>>>
>>>> Paul Stanton wrote:
>>>>> Hi All,
>>>>>
>>>>> I've found an issue with how Tapestry escapes its zone HTML 
>>>>> content within the JSON of the zone update XHR response.
>>>>>
>>>>> Eg:
>>>>>
>>>>> <t:zone ...>
>>>>>    <a href="" onclick="alert('hi'); return false;">hi</a>
>>>>> </t:zone>
>>>>>
>>>>> The HTML is stored within a String initialised with double quotes 
>>>>> inside the JSON, converting double quotes for attribute values 
>>>>> with single quotes. It also converts single quotes within the 
>>>>> attribute values to the "&apos;" ASCII reference:
>>>>>
>>>>> "<a href='' onclick='alert(&apos;hi&apos;); return false;'>hi</a>"
>>>>>
>>>>> This looks fine and works in Firefox, but IE8 throws a syntax 
>>>>> error. I'm guessing it converts &apos; to "'" too early and 
>>>>> attempts to parse "alert(" or something like that.
>>>>>
>>>>> The only resolution I have is to put double quotes within the 
>>>>> double quoted attribute value, which works when supplying the 
>>>>> attribute value via a page property (i.e. Java) but otherwise causes 
>>>>> a tml parse exception, and needless to say, is not very good HTML:
>>>>>
>>>>> <a href="" onclick="alert("hi"); return false;">hi</a>
>>>>>
>>>>> I think that when preparing the zone update JSON Tapestry should 
>>>>> escape single quotes within attribute values via "\'" instead of 
>>>>> "&apos;". This would resolve IE8's issue.
>>>>>
>>>>> Thoughts?
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>>> For additional commands, e-mail: users-help@tapestry.apache.org
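
An added example, not from the thread or from Tapestry's code base, of the two encodings discussed above: it encodes the handler from the original post for a single-quoted attribute with either `&apos;` or `&#39;`, wraps the markup in JSON, and checks whether the decoded handler still parses as script. It assumes the failing browser recognises only the HTML 4 named entities, which do not include `&apos;`; all function names and the entity tables are constructed for illustration.

```javascript
// Added example (not Tapestry code); every name below is hypothetical.
// Constructed subsets of the named-entity tables: HTML 4 does not define
// &apos;, XML and HTML5 do.
const HTML4_NAMED = { amp: "&", lt: "<", gt: ">", quot: '"' };
const HTML5_NAMED = { ...HTML4_NAMED, apos: "'" };

// Encode text for a single-quoted attribute value. aposRef selects the
// reference emitted for "'": "&apos;" (before) or "&#39;" (after).
function encodeAttr(value, aposRef) {
  return value.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": aposRef })[c]);
}

// Decode character references as a parser with the given named-entity table
// would: numeric references always decode, unknown names stay verbatim.
function decodeAttr(value, named) {
  return value.replace(/&(#x[0-9a-f]+|#\d+|\w+);/gi, (ref, body) => {
    if (/^#x/i.test(body)) return String.fromCodePoint(parseInt(body.slice(2), 16));
    if (body[0] === "#") return String.fromCodePoint(parseInt(body.slice(1), 10));
    return Object.prototype.hasOwnProperty.call(named, body) ? named[body] : ref;
  });
}

// Does the decoded handler source parse as a function body? new Function
// only compiles the source; the body is never invoked.
function handlerParses(src) {
  try { new Function(src); return true; } catch (e) { return false; }
}

// Build the zone-update payload, read the onclick attribute back out, and
// report whether the handler parses under each entity table.
function roundTrip(handler, aposRef) {
  const html = "<a href='' onclick='" + encodeAttr(handler, aposRef) + "'>hi</a>";
  const json = JSON.stringify({ content: html }); // JSON layer escapes " and \ only
  const attr = JSON.parse(json).content.match(/onclick='([^']*)'/)[1];
  return {
    json,
    html4: handlerParses(decodeAttr(attr, HTML4_NAMED)),
    html5: handlerParses(decodeAttr(attr, HTML5_NAMED)),
  };
}

const handler = "alert('hi'); return false;"; // handler from the original post
console.log(roundTrip(handler, "&apos;"));
console.log(roundTrip(handler, "&#39;"));
```

The JSON string layer and the HTML attribute layer are encoded independently: the numeric reference decodes under both entity tables, so the handler survives either parser.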